[krbdev.mit.edu #7755] git commit

Tom Yu via RT rt-comment at krbdev.mit.edu
Mon Nov 4 14:47:00 EST 2013

Multi-realm KDC null deref [CVE-2013-1418]

If a KDC serves multiple realms, certain requests can cause
setup_server_realm() to dereference a null pointer, crashing the KDC.


A related but more minor vulnerability requires authentication to
exploit, and is only present if a third-party KDC database module can
dereference a null pointer under certain conditions.

Author: Tom Yu <tlyu at mit.edu>
Commit: 5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf
Branch: master
 src/kdc/main.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

More information about the krb5-bugs mailing list